"AccountDumpling": Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts

Posted by Comfortable-Site8626@reddit | programming | View on Reddit | 6 comments

[-]

spoki-app@reddit

The 'Google-sent' claim is particularly concerning; a successful compromise of a major platform's outbound messaging infrastructure, or highly convincing spoofing that bypasses common email authentication mechanisms like DMARC, points to a significant attack vector. In my work bridging legacy fintech systems with modern SaaS

[-]

rooktakesqueen@reddit

30,000 Facebook accounts have been compromised by phishing emails Google itself delivers. Authenticated, signed, and never blocked. We call this ”AccountDumpling”: a Vietnamese-linked operation that turns Google AppSheet into a phishing relay, then sells the stolen accounts back through a storefront run by the same hands.

Pulling on that thread led us through Netlify-hosted Facebook clones, Vercel-hosted reward traps, Google Drive-hosted PDFs, and recruiter-style social engineering, all riding the same Google-authenticated relay and feeding the same Telegram bot infrastructure. We mapped roughly 30,000 victims and traced the operation back to a Vietnamese name embedded in a Canva-generated PDF the attackers forgot to scrub. We also recovered enough victim data to reach out directly to many of them, telling them they had been compromised and helping them act before more damage was done.

What we found wasn't a single phishing kit. It was a living operation with real-time operator panels, advanced evasion, continuous evolution and a criminal-commercial loop that quietly feeds on the same accounts it helps steal back.

God, the slop is inescapable.

[-]

GrouchyExchange2122@reddit

Are you saying the article is ai slop?

[-]

GrouchyExchange2122@reddit

Sorry what do you mean

[-]

AutomateAway@reddit

i got one of these emails but two things saved me. First, I had worked for multiple FIs in the past and thus i never click links in emails, ever. If i get an email for a site, i browse to that site and login there. Second, I stopped using Facebook years ago due to it being a giant ad server and misinformation network.

This is all to say that social engineering is still the most effective way to “hack” someone. And people, even smart people, fall for it way too fucking much.

[-]

lospantaloonz@reddit

same trick works with google groups. hidden in the headers you'll find the spoof emailer, but the messages all pass authentication. it's really annoying and no easy fix that I'm aware of.